For those with a ThreatConnect, Public-Cloud API-user account, the ThreatConnect API is accessible at https://api.threatconnect.com.

Note

If you are working with the ThreatConnect sandbox, the api path is: https://sandbox.threatconnect.com/api. If you are working with a Dedicated Cloud or On-Premise instance of ThreatConnect, please contact your System Administrator for the correct API URL.

For the rest of this document, the base API URL will not be included in any of the endpoints (e.g., the branch for owners will be described as /v2/owners rather than https://api.threatconnect.com/v2/owners). You will be responsible for adding the correct base API URL.

Requests to ThreatConnect API endpoints must be made over HTTPS with a valid Signature (as described in the next section), or a 403 error will be returned.

Each API response is formatted with a status. If the status is “Success,” each response includes a data field with the appropriate response type. If the status is “Failure,” an appropriate error message is provided as to why the request failed.

The API will be versioned as needed to support continued development of the ThreatConnect platform, and existing API versions will be appropriately deprecated. Version 2 (v2) of the API supports write capabilities via HTTP POST and PUT methods. The HTTP GET method is used for read access to resources.

To test API connectivity, start with a request to the /v2/owners branch to return all Organizations and Communities to which the API credentials have access. After you insert your API secret key and access ID, the bash script below will format and send the request: